CVE-2015-5338

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 2.6.11 Moodle versions 2.7.x before 2.7.11 Moodle versions 2.8.x before 2.8.9 Moodle versions 2.9.x before 2.9.3

Description The issue is related to multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module of Moodle. These vulnerabilities can be exploited by a remote attacker to gain access to the authentication data of arbitrary users. The exploitation involves requests to specific API endpoints, such as "mod/lesson/mediafile.php" or "mod/lesson/view.php".

Recommendations For versions prior to 2.6.11, update to version 2.6.11 or later. For versions 2.7.x before 2.7.11, update to version 2.7.11 or later. For versions 2.8.x before 2.8.9, update to version 2.8.9 or later. For versions 2.9.x before 2.9.3, update to version 2.9.3 or later. As a temporary workaround, consider restricting access to the "mod/lesson/mediafile.php" and "mod/lesson/view.php" API endpoints until a patch is applied.